Rik Chorus, Kyndryl: How to defend against evolving cybersecurity threats

Rik Chorus, Kyndryl’s director of security and resiliency & networking and edge, Benelux, discusses how the firm is helping organisation’s navigate their way through an ever-changing tech and business landscape.

Can you tell us a little bit about Kyndryl and what you do at the company?

There are a few things that I think are really interesting and that set Kyndryl apart from everything I’ve seen in the market so far. One of the things is that Kyndryl, as the world’s largest IT infrastructure services provider, is really focusing on very complex, large infrastructures. And one of the things that we do really well is, in all that complexity and all the fragmentation that we see in the landscape, we try to build better innovations and more efficiency. We create a lot of simplification, creating systems in a lot of new ways for our clients by drawing on the technologies of partners such as Microsoft, Google Cloud  and Nokia.

That’s something we excel at, as well as the people. The people in our organisation, the skills and the knowledge that we can deliver to organisations is absolutely formidable.

We’re very strong on the co-create side. We do a lot in co-creation with clients. We’re not just enforcing solutions onto any organisation. We’re really trying to build and innovate in ways that bring value to the client, and also make sense to them. Through collaborative co-creation with our customers, we support them in unleashing innovations that are essential for their ongoing success.

We have several practices that we build along and two of the practices are in my domain, which is the security and resiliency part, and the network and edge part. But we also do data and AI. We work on the application, the mainframe. We work on various other topics with our clients and one of the really important ones is the digital workspace. So there are several things that we help clients with from various perspectives.

So it sounds like you’re involved in a bit of everything. What are the main tech trends that you’ve seen developing?

Let’s start with my own practice. In cybersecurity, we see it is becoming more of a business problem. And it’s also being viewed by the business instead of just being seen as an operational problem. We see a shift that is moving from cybersecurity to cyber resilience.

And that has a lot to do with ransomware, for example, because that really changed the way we needed to look at cybersecurity and how we were capable as organisations to overcome those types of threats. It really is key in every industry as it is no longer the question whether a security breach will happen, but when and how big the damage is. A proactive – versus reactive – approach to secure applications and mission-critical systems is a matter of survival. Because of this, we offer a wide range of services that enable our enterprise customers to quickly detect and effectively respond to and recover from cyberattacks.

AI and machine learning, of course, continue to be a huge trend. At Kyndryl, AI plays an important role. We both apply AI in our operations and enable our customers to use AI in their business. AI is also providing us with more opportunities to help customers with their data architectures and manage their infrastructures, all of which can enable them to operate more efficiently.   But also AI ethics, responsible AI solutioning is important. We need to address issues, such as trust, risk and security. We need transparency. When it comes to AI models, we now see a lot of generative AI like ChatGPT. But what are those models based on? What was the trustworthiness of them? What data is being inputted? These models are so significantly large when it comes to the data that’s in there, that it’s really important to consider the AI ethics that we need to uphold. With the amount of data available, it’s more important than ever to ensure it’s used correctly with a modernized data architecture.  

You see trends around data and AI, data observability. It will be key for scaling AI in any business. There’s definitely a lot going on on the data and AI side.

Cloud, of course, is still a trend. It’s been here for a long time already but I still think that the cloud will be able to drive a lot of innovation. We’ve seen, for example, with the COVID pandemic, that companies were storing a lot of data and doing business in the cloud. We’re much faster in adopting the new way of working with all the remote workers etc.

Other trends are around 5G. You see a lot of 5G networks popping up, and we’ll see more of that throughout all industries. For example, retail, right where companies want to enhance the customer experience.

You probably speak to a lot of customers or potential customers. What do they tell you are the big challenges they’re facing?

They’re facing numerous challenges. For me, it’s specifically more on the cybersecurity and resiliency side, but they’re having to deal with a variety of other challenges. For example, with data silos that you see in organisations. Trying to share data and have that comprehensive view as an organisation tends to be really hard. One of the things we help customers with is data modernisation and trying to remove those barriers and silos inside an organisation, so that you can more easily share and collaborate.

Another one, of course, is legacy systems. We still see a lot of legacy. If you look at it from a security perspective, that’s even harder because you don’t want to touch legacy systems with new kinds of security solutioning because they probably will end up dying on you.

If you install an antivirus client on the mainframe that’s been sitting there for 20 years, it will not be able to process it. But legacy systems tend to be slow, rigid and usually very expensive also to maintain. So it’s making it difficult for organisations to integrate them with the newer technologies.

I see a lot of issues on the cybersecurity side, from the advancing threat landscape. If you look at all the IoT, the sensors, OT, all the different things that we’re connecting, and the way that the complete attack surface is expanding, it’s very significant. That would give a lot of new opportunities to people with malicious intent into organisations because their attack surface is expanding so rapidly. And a lot of organisations have a complete view of all the IoT and OT that they have within their environment. So it’s going to be very challenging to make sure that you have the proper security on that.

And, from a cybersecurity perspective, also the regulatory compliance that organisations need to uphold. We have already seen GDPR with regard to privacy in Europe. Now we’re also seeing new legislation coming from the European Union around the NIS2 directive, and the DORA, which is the Digital Operation Resiliency Act for financial institutions. So there’s a lot of attention coming from governments, and we need to make sure that our cyber security and cyber resiliency is updated.

How do you see the cybersecurity threats evolving? And how do you expect that the change in the future?

The threats are becoming a lot more sophisticated? Just look at phishing. We still see there’s a high rate of these types of attempts that are successful, because there’s always somebody that didn’t see that it wasn’t a proper email or that it was something malicious.

There’s always the human factor that we need to include when it comes to cybersecurity. So it will still be simple things that will be leveraged to attack organisations, but you also see a lot more sophisticated attacks on organisations. There are well thought out attacks that leverage, for example, AI or leverage machine learning. You cannot make a distinction between if it is real, or if it is not real. There are emails coming in that are so sophisticated, that you think it’s the real thing.

I think we will see more deepfake. If you look into deepfakes that we’re seeing now, they’re very hard to distinguish from reality. And then you see that individuals or the media are being influenced by types of deepfakes. It’s really hard to get a clear understanding of what’s real and what isn’t anymore.

Is there any advice that you could give companies that want to improve their cybersecurity?

One of the best books I’ve been reading recently is around cybersecurity first principles. It talks about us now having all the solutions, all the fragmented landscapes and all these different frameworks. But what’s really important to your organisation? First, you need to define what it is that you’re trying to achieve with cybersecurity, because sometimes we really lose sight of the goal, and we’re just extinguishing fires that pop up in an organisation and we’re putting in new technology. Then something else happens and we’re adding more technology, more complexity and more fragmentation to the environment. So really looking at what are my key essentials, what are my risks, then defining a good, proper, solid framework. It’s really about doing the fundamentals in cybersecurity.

And then, unfortunately, ‘zero trust’ has become a buzzword in the industry and I see so many approaches to zero trust. I see some vendors saying if you implement this box then you have zero trust and that’s not the case. Zero trust is actually a really good thought. It’s a philosophy, it’s a thought. It’s not a solution. It’s not something that you implement. It’s really about changing the mindset of your organisation and doing things in a different way.

And if you look at the future with quantum computing, AI etc, having a good and solid zero trust strategy will be key for any organisation. You really want to move away from that defence in depth and perimeter defence, to ‘I’m just not trusting anything’. I’m going to decide, based on what I’m seeing from you and how I can identify you, what type of trust I’m going to give you. But we need to push that forward a lot more even, for example, in segmentation. I see a lot of organisations say ‘yeah, we do segmentation’, and then you drill down and it’s just VLAN segmentation. While you should also be looking at, for example, micro segmentation.

If I look at an application, why should somebody sitting at the front desk have access to the financial reports of an organisation? It makes no sense. But usually that happens because there is no segmentation on the application side. There are lots of things that you can actually leverage when it comes to the zero trust strategy. There are some great tactics for zero trust. For example, you do vulnerability assessments, you look at your assets in your organisation, you identify, you do segmentation or micro segmentation, there are many good steps that you can actually take.

The managed security services market has been valued at $47 billion and I heard that’s something Kyndryl is focusing on. What are the latest products and services that Kyndryl has introduced in this area?

When you look at the managed security services, it’s really about helping organisations solve a few problems. One of the problems is that they might not have the proper skills and resources. As an organisation, it’s very hard to get the right security people in your organisation. It’s very hard to even find them, because we have a significant lack of security personnel in that area.

Kyndryl has built and set up several Security Operation Centers (SOC’s) spread geographically in Spain, Italy, Hungary and Canada.. So we have several security operations centres that you, as a client, might be able to leverage. But the good thing is that we don’t just say ‘alright, we’re going to take over everything, and you’re going to get our security operations centre, and that’s it.

We’re going to be looking at what capabilities you are missing, and that you could leverage from us that we have in our security operations centres. What skills or certain capabilities are missing? How can we help you from that end? It might be that you need incident response capability, it might be that you need monitoring and analytics, it might be that you need threat hunting capability.

And what I’m seeing with a lot of customers is a bit of a shift from completely outsourcing all of those things to feeling that they just need certain capabilities. And that’s something Kyndryl is really addressing in a smart way, by co-creating, by leveraging those specific capabilities to an organisation in which we can really help them and perhaps lower the cost for them. But also help them with skills and the resources that they might need.

So there’s a lot of things happening on the managed side. We’re doing endpoint detection and response, and a lot of other managed capabilities, for example, around identity and access management or vulnerability management. There are tonnes of things that we are capable of already doing, which we have built up in a tremendously swift amount of time. It’s incredible how great the steps are that we have made in the past two years.

What plans does Kyndryl have for the year ahead?

We are in the year of acceleration. We will continue to advance and execute on our strategy to drive the growth of our business locally and worldwide. Also, we will continue working on strengthening our alliances and signing hyperscale contracts with local companies that are advancing in their digital transformation. 

In terms of cybersecurity and resiliency, we are pretty far ahead already on the resiliency side, because it’s something that organisations are now picking up on.

We have made great steps on really providing a full circle resilience solutioning for our clients, from helping them with consulting, to solutioning, to providing services. And if you look at the future, it’s really about the solution that we are building like Kyndryl Bridge, where we seamlessly integrate AI, operational data and our expertise to provide our customers with a new way to operate their systems and deliver improved business outcomes. For the next year, we want to support companies even more to have greater visibility and control over their complex IT operations, resulting in better returns on investment and fewer incidents.

Besides this, we focus on simplifying environments for our clients. We need to make sure that we leverage automation in the best way, so that we reduce the pressure of everything that’s coming into those organisations, and they might not be able to respond to them. Why not do it in an automated way? Why not leverage full automation capabilities, leverage, enrich, to integrate applications, to simplify, to innovate, to add a lot more business value and try to be more efficient?

So that’s where we’re heading. Better innovation, better integration, more simplification, and more automation for your organisation.

Check out the upcoming Cloud Transformation Conference, a free virtual event for business and technology leaders to explore the evolving landscape of cloud transformation. Book your free virtual ticket to deep dive into the practicalities and opportunities surrounding cloud adoption. Learn more here.

Tags: cybersecurity, Kyndryl

Source